A Practical History of the Firewall - Part 1: Early Days

May 19, 2017 | Jody Brazil

This post originally appeared on LinkedIn. It is Part 1 of 4 of the series “A Practical History of the Firewall” by Jody Brazil, FireMon Co-Founder and Chief Product Strategist.

This is not a primer on firewalls, nor is it meant to represent a comprehensive picture of the history of the firewall. There are plenty of good resources that outline the history of the firewall, for example Wikipedia: https://en.wikipedia.org/wiki/Firewall_(computing). There are also a significant number of people who deserve credit for the invention of the firewall and who are not recognized in this series (if interested, here is a good story from Dark Reading: Who Invented the Firewall). My focus is on the commercial firewall and the market dynamics that led to adoption of these technologies.

As a practitioner in the relatively early days of the mass adoption of the Internet (mid to late 90s), I saw the rapid adoption and evolution of firewall technology. I had a limited view, and certainly have an imperfect memory, of this history. As such, over the next few posts, I welcome your comments to help me fill in the missing pieces of this story.

In the mid-90s, Check Point Technologies released the stateful inspection firewall. The primary competition at the time included router-embedded packet filters (for example, ACLs on Cisco IOS) and proxies (for example, the TIS Gauntlet firewall and the Secure Computing Sidewinder firewall). The major battle between stateful inspection and proxies was waged on three fronts: performance, protocol support and security.

On performance, stateful inspection was significantly faster than proxies. Proxies established two TCP connections for each session, one client-side and one server-side, which required significantly more processing. Bandwidth consumption and demand were growing at a dramatic pace due to increased Internet usage; as a result, performance became a primary buying criterion for the firewall. While security mattered, bottlenecks that affected access to the Internet were unacceptable. On this front, stateful inspection won.

On protocol support, stateful inspection was easily adaptable, often without any source code modifications. Proxies, on the other hand, often required protocol-specific stacks to support a new application. And in the late 90s, there was very little standardization. If you wrote a new application, you often created a new service (a protocol/port combination, e.g. tcp/3192). The idea of using HTTP as a common transport for all applications was not acceptable for a lot of reasons, including the performance implications and lack of synchronous communication in the early HTTP specification. This meant that new protocols were being created and deployed at a very rapid pace. As a result, customer demand for support for these new protocols outpaced proxy-based firewalls' ability to add support.

In nearly every firewall proof of concept (PoC), some issue would be discovered where the firewall did not handle a customer's network communication properly. For a proxy, it would mean submitting a ticket to the firewall vendor or implementing some less-than-ideal workaround. For stateful inspection, it could be as easy as defining a new service or perhaps a simple issue of dealing with a TCP timeout. Stateful inspection firewalls handled these unexpected issues more easily, resulting in more successful PoCs and, ultimately, sales. While security mattered, breaking communication of existing or new applications was an unacceptable limitation of the proxy. Once again, stateful inspection won.
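To make the "define a new service" and "TCP timeout" points concrete, here is a minimal sketch of a stateful filter, added as an illustration and not taken from any vendor's product. The class name, addresses and timeout values are assumptions; tcp/3192 is the article's example service.

```python
from dataclasses import dataclass, field

@dataclass
class StatefulFilter:
    # Supporting a new application is one (protocol, port) entry here,
    # not a new protocol-specific proxy stack.
    services: set = field(default_factory=lambda: {("tcp", 80), ("tcp", 3192)})
    idle_timeout: float = 3600.0               # seconds (assumed default)
    table: dict = field(default_factory=dict)  # flow 5-tuple -> last-seen time

    def inspect(self, now, proto, src, sport, dst, dport, syn=False, inside=True):
        """Return 'accept' or 'drop' for one packet observed at time `now`."""
        key = (proto, src, sport, dst, dport)
        rev = (proto, dst, dport, src, sport)
        # Expire idle flows: a session that stays quiet too long loses its state.
        self.table = {k: t for k, t in self.table.items()
                      if now - t <= self.idle_timeout}
        # Packets of a tracked connection pass in either direction. The filter
        # forwards them; it never terminates a second TCP connection as a proxy does.
        for k in (key, rev):
            if k in self.table:
                self.table[k] = now
                return "accept"
        # No state yet: only an inside-originated SYN to a defined service creates it.
        if inside and syn and (proto, dport) in self.services:
            self.table[key] = now
            return "accept"
        return "drop"

def demo():
    """Run constructed packets through the filter and return the verdicts."""
    fw = StatefulFilter(idle_timeout=60)
    client, server = "10.0.0.5", "203.0.113.9"  # constructed addresses
    return [
        fw.inspect(0, "tcp", client, 40000, server, 3192, syn=True),     # defined service
        fw.inspect(1, "tcp", server, 3192, client, 40000, inside=False),  # reply, matched by state
        fw.inspect(2, "tcp", server, 3192, client, 40001, inside=False),  # unsolicited inbound
        fw.inspect(3, "tcp", client, 40002, server, 4000, syn=True),     # service not defined
        fw.inspect(120, "tcp", server, 3192, client, 40000, inside=False),  # idle past timeout
    ]

if __name__ == "__main__":
    print(demo())
```

The last verdict is the PoC failure mode mentioned above: a long-idle application session is dropped until the timeout is raised, which is a configuration change and not a code change.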

Finally, security. There were heated debates about which firewall provided better security. Today, most would agree that an application-aware firewall can provide better security, from protocol enforcement to behavioral control. Unfortunately for proxies, the other limitations were simply too severe for the business, and "good security with negative business implications" lost out to "pretty good security with limited business impacts."

The result was that stateful inspection won the battle against the proxy. There have been many advancements in firewall technology through the years, and I will discuss these in subsequent posts, but it is important to recognize that stateful inspection won this early battle and remains the industry standard for firewall technology today.
